PointBlank / Project Blackout – How to start reversing / hacking it

I recently started looking into this game briefly for a friend. Since the game still seems rather popular, I figured I might write something about it.
Because the engine is split across multiple DLL files, finding out how things work is very easy, even for a beginner at reverse engineering.

I’ve got PointBlank Thailand; there are multiple versions for different regions. The core engine is the same, but offsets might vary.

Here it calls Direct3DCreate9 to create an instance of IDirect3D9 and stores the returned pointer at +5364h in the i3RenderContext class. For more information on Direct3DCreate9, take a look at the Direct3DCreate9 function definition on MSDN.

Now it would be very nice to have a pointer to the i3RenderContext instance the game uses. Let’s analyze the other modules and see what we can find. Here is a little play-by-play:

i3SceneDx.dll

Hey, that’s cool, now we’ve found the static pointer g_pRenderContext to i3RenderContext!

Before we move on, let’s look up the i3RenderContext::isReady(void) function in i3GfxDx.dll; we can use it later in our hack to determine whether D3D has been initialized yet. So open the DLL back up in IDA, find the function, and it looks like this:
We can see that all it does is return the value at this+28h, so we know that the boolean “IsReady” flag lives at offset 0x28 into the i3RenderContext class. This way we can check whether the renderer is ready before trying to hook it. 🙂
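To make the two layout facts above concrete, here is an added C example (not code from the original post) that models how a decompiled getter such as isReady() turns into a fixed-offset read from the object pointer. The struct is a constructed stand-in whose only purpose is to place a flag at +0x28 and the IDirect3D9 pointer at +0x5364, matching the offsets the post found; it assumes a 32-bit process (the game client is an x86 DLL), so the pointer is stored as a 4-byte value. The accessor functions treat the object as opaque bytes, which is exactly what a decompiler shows you.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets identified in the post (i3RenderContext, 32-bit client). */
#define RC_OFF_ISREADY 0x28u
#define RC_OFF_PD3D9   0x5364u

/* Constructed stand-in for i3RenderContext: opaque filler plus the two
   fields we know about, padded so they land at the identified offsets. */
typedef struct {
    uint8_t  pad0[RC_OFF_ISREADY];
    uint32_t isReady;                 /* this+0x28 : value returned by isReady() */
    uint8_t  pad1[RC_OFF_PD3D9 - RC_OFF_ISREADY - sizeof(uint32_t)];
    uint32_t pD3D9;                   /* this+0x5364 : 32-bit IDirect3D9* from Direct3DCreate9 */
} MockRenderContext;

/* Compile-time proof that the mock really has the layout we claim. */
_Static_assert(offsetof(MockRenderContext, isReady) == RC_OFF_ISREADY, "isReady offset");
_Static_assert(offsetof(MockRenderContext, pD3D9) == RC_OFF_PD3D9, "pD3D9 offset");

/* Global instance used by the demo (and by the tests). */
MockRenderContext g_mock_ctx;

/* Generic 4-byte read at an offset from an opaque object pointer: this is
   what "return *(DWORD *)(this + 0x28)" means once the C++ class is gone. */
static uint32_t read_u32_at(const void *obj, size_t offset) {
    uint32_t v;
    memcpy(&v, (const uint8_t *)obj + offset, sizeof v);
    return v;
}

/* Equivalent of i3RenderContext::isReady(): nonzero flag at +0x28. */
bool render_context_is_ready(const void *ctx) {
    return read_u32_at(ctx, RC_OFF_ISREADY) != 0;
}

/* Reads the stored IDirect3D9 pointer value at +0x5364. */
uint32_t render_context_d3d9(const void *ctx) {
    return read_u32_at(ctx, RC_OFF_PD3D9);
}

/* Fills the mock with constructed values so the accessors can be exercised. */
void init_mock_context(MockRenderContext *ctx, bool ready, uint32_t d3d9_value) {
    memset(ctx, 0, sizeof *ctx);
    ctx->isReady = ready ? 1u : 0u;
    ctx->pD3D9 = d3d9_value;
}

/* Runtime check that the struct's fields sit where the post says they do. */
bool mock_ctx_offsets_ok(void) {
    return offsetof(MockRenderContext, isReady) == RC_OFF_ISREADY &&
           offsetof(MockRenderContext, pD3D9) == RC_OFF_PD3D9;
}

int main(void) {
    /* Constructed sample: renderer not yet initialised. */
    init_mock_context(&g_mock_ctx, false, 0);
    printf("isReady=%d pD3D9=0x%08x\n",
           render_context_is_ready(&g_mock_ctx), render_context_d3d9(&g_mock_ctx));

    /* Constructed sample: Direct3DCreate9 has run, pointer value is fictitious. */
    init_mock_context(&g_mock_ctx, true, 0x0A1B2C30u);
    printf("isReady=%d pD3D9=0x%08x\n",
           render_context_is_ready(&g_mock_ctx), render_context_d3d9(&g_mock_ctx));
    return 0;
}
```

The point of the mock is the `_Static_assert` lines: once you have an offset from IDA, writing the layout down as a struct and asserting the offsets catches a miscounted padding byte at compile time rather than as a silent wrong read later.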

It might seem difficult to find a starting point in game hacking, but browse the forums that exist, like UnknownCheats (linked in the sidebar), read what people write, and look at the tutorials available to you.
With a bit of smarts, a lot of patience for trial and error, and a bit of programming knowledge, you will reach your goals 🙂

Start small, start with easy games, set up small goals for yourself and push through on them.